Welcome to the Consumerist Archives

Thanks for visiting Consumerist.com. As of October 2017, Consumerist is no longer producing new content, but feel free to browse through our archives. Here you can find 12 years worth of articles on everything from how to avoid dodgy scams to writing an effective complaint letter. Check out some of our greatest hits below, explore the categories listed on the left-hand side of the page, or head to CR.org for ratings, reviews, and consumer news.

Computer manufacturer Lenovo rightly caught heat far and wide from every corner of the internet this week after security researchers discovered a massive security flaw that shipped pre-installed as advertising software. Lenovo should never have put the intrusive software on their computers in the first place, but there is some good news today, as the company is now sharing a list of what computers were affected, and how owners of their machines can remove this junk crap from their systems.

How can I find out if my computer has Superfish on it?
Lenovo has published a full list of the affected machines. It includes notebook computers in the E, Flex, G, M, Miix, S, U, Y, Yoga, and Z series shipped during the six-month span between September, 2014 and February, 2015:

ThinkPads, desktop computers, and smartphones were not affected, a Lenovo statement says.

Anyone — not just Lenovo owners — can also go to this third-party site that tells you if your system has the Superfish certificate vulnerability.

Oh no! I do! How can I get rid of it?
There are two parts to getting rid of Superfish. The first is uninstalling the software; the second is removing the false security certificate it leaves behind from the virtual bowels of your machine. Step one is easier than step two.

The guide has instructions as well as screenshots, to guide the less tech-savvy through the process. The EFF also has a visual guide, although it assumes a slightly higher level of familiarity/comfort with computers than Lenovo’s does.

Is Lenovo sorry? Lenovo should be so sorry.
Lenovo is certainly sorry the entire world noticed, at any rate.

In their first statement about the matter, Lenovo said, “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” despite the plenty of sites and experts pointing out said substantial security concerns. “But we know that users reacted to this issue with concern,” they deigned to add, “and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first,” and concluded, “Our goal was to enhance the experience for users.”

That didn’t go over as well as they might have hoped (the proverbial lead balloon springs to mind). Lenovo has since released an updated statement, saying, “Superfish is no longer being installed on any Lenovo device. In addition, we are going to spend the next few weeks digging in on this issue, learning what we can do better. We will talk with partners, industry experts and our users. We will get their feedback. By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security. We are eager to be held accountable for our products, your experience and the results of this new effort.”

In the meantime, Microsoft has also taken matters into their own hands: the most recent update to Windows Defender also nukes Superfish as a “known vulnerability.”

Want more consumer news? Visit our parent organization,Consumer Reports, for the latest on scams, recalls, and other consumer issues.